Customizable new DDoS service already appears to have fans among pro-Russia hacking groups

The pro-Russian hacking group Passion has created a flexible new tool to launch distributed denial-of-service (DDoS) attacks against Ukraine and its allies, researchers say.

Passion’s botnet — the collection of malware-infected devices used for the attacks — is available to rent, and it already has been deployed by other well-known pro-Russian hacktivist collectives, including Killnet and Anonymous Russia, according to a report by Radware published earlier this week.

It's hardly the first or most popular tool of its kind, but the quick adoption by two infamous hacking groups is reason for concern, the researchers said.

For $120 per month, Passion allows customers to “customize” their DDoS incidents by choosing from 10 attack vectors and determining the duration and intensity of the bogus internet traffic, the researchers said.

This customization option and the ability to combine and switch attack vectors make it more difficult for a target to detect and mitigate the onslaught of webpage requests, according to Radware.

The Passion botnet was allegedly deployed by several Russian hacktivist groups during the January attacks on hospitals in the U.S., U.K., and Europe in retaliation for them agreeing to send tanks to Ukraine.

The incidents were limited to the public websites of the hospitals and not aimed at internal operations. However, Killnet, which claimed responsibility for the attacks, said that it may change its tactic if countries continue to support Ukraine. Cybersecurity experts note that DDoS attacks might not be destructive, but they can serve as a distraction for other activities.

DDoS protection provider Cloudflare wrote on Thursday that there has been an increase in the number of healthcare organizations asking to protect their services from DDoS attacks. Multiple healthcare clients of Cloudflare have also been targeted by hackers, the company said.

Cloudflare said that the incidents don’t seem to originate from a single botnet and the attack methods and sources seem to vary as well.

“This could indicate the involvement of multiple threat actors” or be a sign of “a more sophisticated, coordinated attack.”

Hackers behind the Passion botnet have also been involved in website defacement and DDoS attacks, mostly targeting small organizations in Japan and South Africa.

Weekly, monthly, yearly

The group claims on its channel on Telegram that it is not controlled or funded by the Russian government and asks its followers to donate “for the realization of a common mission.”

Hackers offer three subscription options to the Passion botnet: $30 per week, $120 per month, or $1,440 per year. The group only accepts payments in Bitcoin or Tether virtual currencies through the Russian payment service provider QIWI.

The Passion botnet hasn't yet become as popular as other hacktivist DDoS tools, including Project DDOSIA developed by the group NoName(057)16, according to Radware.

DDoS tools have become popular among hacktivists because they allow low-skill hackers to launch much larger and more powerful attacks, according to Radware.

And while these attacks rarely result in major disruptions, they can significantly harm an organization's reputation, and cause a loss of trust and credibility with customers and stakeholders, the researchers said.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.